Posts Tagged Privacy

When the Most Personal Secrets Get Outed on Facebook

BY GEOFFREY A. FOWLER

AUSTIN, Texas—Bobbi Duncan desperately wanted her father not to know she is lesbian. Facebook told him anyway.

One evening last fall, the president of the Queer Chorus, a choir group she had recently joined, inadvertently exposed Ms. Duncan’s sexuality to her nearly 200 Facebook friends, including her father, by adding her to a Facebook Inc. discussion group. That night, Ms. Duncan’s father left vitriolic messages on her phone, demanding she renounce same-sex relationships, she says, and threatening to sever family ties.

The 22-year-old cried all night on a friend’s couch. “I felt like someone had hit me in the stomach …

In November 2009, police officers in the state of Washington seized an iPhone belonging to suspected drug dealer Daniel Lee. While the phone was in police custody, a man named Shawn Hinton sent a text message to the device, reading, “Hey whats up dogg can you call me i need to talk to you.” Suspecting that Hinton was looking to buy drugs from Lee, Detective Kevin Sawyer replied to the message, posing as Lee. With a series of text messages, he arranged to meet Hinton in the parking lot of a local grocery store—where Hinton was arrested and charged with attempted possession of heroin.

Hinton wasn’t Sawyer’s only target. According to a court decision summing up the facts, “Sawyer spent about 5 or 10 minutes looking at some of the text messages on the iPhone; he also looked to see who had been calling. Many of the text messages that Lee’s iPhone had received and stored were from individuals who were seeking drugs from Lee.”

So Sawyer texted one of the individuals on the list and asked him if he “needed more.” The individual, Jonathan Roden, replied, “Yeah, that would be cool. I still gotta sum, but I could use some more. I prefer to just get a ball, so I’m only payin’ one eighty for it, instead of two Ts for two hundred, that way.” (The court helpfully explained that a “ball” is “a drug weight equivalent to approximately 3.5 grams.”)

But can cops legally do this with seized cell phones? When their cases went to trial, Hinton and Roden both argued that Sawyer had violated their privacy rights by intercepting, without a warrant, private communications intended for Lee.

But in a pair of decisions, one of which was recently covered by Forbes, a Washington state appeals court disagreed. If the decisions, penned by Judge Joel Penoyar and supported by one of his colleagues, are upheld on appeal, they could have far-reaching implications for cell phone privacy.

“No longer private or deserving of constitutional protection”

“There is no long history and tradition of strict legislative protection of a text message sent to, displayed, and received from its intended destination, another person’s iPhone,” Penoyar wrote in his decision. He pointed to a 1990 case in which the police seized a suspected drug dealer’s pager as an example. The officers observed which phone numbers appeared on the pager, called those numbers back, and arranged fake drug purchases with the people on the other end of the line.

A federal appeals court held that the pager owner’s Fourth Amendment rights against unreasonable search and seizure were not violated because the pager is “nothing more than a contemporary receptacle for telephone numbers,” akin to an address book. The court also held that someone who sends his phone number to a pager has no reasonable expectation of privacy because he can’t be sure that the pager will be in the hands of its owner.

Judge Penoyar said that the same reasoning applies to text messages sent to an iPhone. While text messages may be legally protected in transit, he argued that they lose privacy protections once they have been delivered to a target device in the hands of the police. He claimed that the same rule applied to letters and e-mail. (Police would still need to seize or search a phone or computer legally, and phones are much easier for cops to seize than computers, which generally require a warrant.)

“On his own iPhone, on his own computer, or in the process of electronic transit, Hinton’s communications are shielded by our constitutions,” he wrote, referring to both the state and federal constitutions. “But after their arrival, Hinton’s text messages on Lee’s iPhone were no longer private or deserving of constitutional protection.” Penoyar rejected Roden’s privacy arguments on similar grounds.

Unsettled law

Mobile phones exist in a constitutional grey area. The law has well-developed doctrines protecting the privacy of our desktop computers, landline telephones, and filing cabinets. But modern cell phones perform all of these functions, and more. If the police are free to rummage through any cell phone that falls into their hands, every arrest would automatically give the police access to a treasure trove of private data that they would otherwise need a warrant, based on probable cause, to obtain.

The Washington State decision is not unprecedented. Last year, the California Supreme Court ruled that no warrant was required for the police to peruse a cell phone that was confiscated after its owner tried to sell ecstasy to an undercover police officer. In that case, the police obtained a text message that seemed to confirm the government’s case against the suspect. Two justices of the California Supreme Court dissented from the ruling.

One judge dissented from the Washington State rulings as well. “Sawyer engaged in a continuing search when he first searched the contacts list on Daniel Lee’s iPhone to find Hinton’s phone number,” wrote Judge Marywave Van Deren in her dissent. Sawyer “used Lee’s iPhone to send and receive messages from Hinton. Under these circumstances, I would hold that Sawyer was required to obtain a search warrant.”

In a slightly different context, the Obama administration has also held that the contents of cell phones enjoy constitutional protection. Earlier this year, the Department of Justice filed a brief in a Maryland case arguing that Baltimore police had violated a man’s constitutional rights—including his Fourth Amendment right against unreasonable search and seizure—when they seized his phone and deleted videos he had taken of the officers’ conduct.

When I called Facebook on Monday to ask why the company had changed the settings for the display of people’s e-mail addresses without their permission, potentially violating users’ privacy, I was told that the swap was not a “privacy” change, but rather a “visibility setting” change.

I offered a genuinely confused response to Jaime Schopflin, a Facebook spokeswoman I spoke with. “Um, isn’t changing the visibility of something actually changing the privacy setting?” I asked.

“No,” Ms. Schopflin said, explaining that they are two different things.

The company recently changed e-mail address settings to automatically show @facebook.com addresses on user profiles where other addresses were once visible. All of a user’s friends can see that address, even if the user specified that no addresses should be visible on the profile.

To Facebook, the words privacy and visibility may be as different as peas and carrots. But Facebook users and one linguistic expert I talked to seem to disagree.

Jesse Sheidlower, the editor at large of the Oxford English Dictionary, said Facebook’s effort to draw such a distinction was “worse than playing semantics.”

“It is giving a different name to something that has aspects of privacy to it,” Mr. Sheidlower explained. ”Publishing a picture of someone naked might be regarded as a ‘modesty’ issue, but that does not mean that it’s not a privacy issue, too.” He added: “Even Facebook can’t possibly think that doing this has nothing to do with privacy.”

Facebook’s attempt to shuffle words around is reminiscent of the famousquote by President Clinton during the Monica Lewinsky scandal, when the President responded to a question from a lawyer by saying, “It depends on what the meaning of the word ‘is’ is.”

Mr. Sheidlower mentioned another quote from Mr. Clinton: “I did not have sexual relations with that woman.” He noted that when the president had used the term “sexual relations,” it was in a limited way that he had worked out with his lawyers, not a more widely understood meaning. “If everyone agrees on what it means, then there’s nothing to argue about.”

Of course this is where things differ with Facebook. After all, peas and carrots are both vegetables. Although I’m sure Facebook would disagree.

EEF Privacy Report 2012: Who’s Protecting Our Privacy

We’re living our lives more and more in theonline environment. Eventually, we end up giving a lot of our personal data, whether we’re talking about a social network account, email service or a national carrier. Our conversations are being wire-tapped, our online surfing is being stored. Which are the companies that fight for our rights when the government wants to know more? Who protects our privacy?

This privacy report has been done by the Electronic Frontier Foundation and should be taken with all seriosity. When government agencies come asking for your personal data and your activity logs, who is fighting for your rights and who’s acting like a peaceful sheep, pleasing the Big Brother?

The chart from above shows how many stars the participating companies has been given. The rating has been made according to these factors:

·Tell users about data demands: a public commitment to inform users when their data is sought by the government. To earn a star in this category, Internet companies must promise to tell users when their data is being sought by the government unless prohibited by law. This gives users a chance to defend themselves against overreaching government demands for their data.

·Be transparent about government requests: transparency about when and how often companies hand data to the government. This category has two parts. Companies earn a half-star in this category if they publish statistics on how often they provide user data to governments worldwide. Companies also earn a half-star if they make public any policies they have about sharing data with the government, such as guides for law enforcement. (If a company doesn’t have law enforcement guidelines at all, though, we don’t hold that against them). Companies that publish both statistics and law enforcement guidelines receive a full star.

·Fight for users’ privacy rights in the courts: to earn recognition in this category, companies must have a public record of resisting overbroad government demands for access to user content in court. Not all companies will be put in the position of having to defend their users before a judge, but those who do deserve special recognition.

·Fight for users’ privacy in Congress: Internet companies earn a star in this category if they support efforts to modernize electronic privacy laws to defend users in the digital age by joining the Digital Due Process coalition.

You can see in the above chart which companies received the highest score and which ones the lowest one. EFF said that they’ve observed a real improvement in the way companies react towardsusers’ privacy. Especially such companies as Sonic, Linkedin, Dropbox or Facebook. These are the companies that “listened” to complaints and made the right adjustments. It’s sad to see Apple and Microsoft having such low scores, though. Not to mention the score of Verizon, Skype and MySpace…

Privacy Report Company Ranking

1.Sonic.net– 4 stars

2.Twitter– 3.5 stars

3.Google, Dropbox, Linkedin– 3 stars

4.Spideroak– 2.5 stars

5.Amazon– 2 stars

6.Facebook– 1.5 stars

7.Yahoo!, Microsoft, Loopt, Comcast, Apple, AT&T– 1 star

8.Foursquare, MySpace, Skype, Verizon– 0 stars

Let’s hope that, by next year, the companies with low scores will up their games and that we’ll see even more companies in this list. If more and more companies will fight for our rights, in Congress and courts, maybe we won’t see any ACTAs, SOPAs anymore…

Facebookers trigger vote to choke Zuck’s data suck

Facebook may be forced to make changes to its data use policy after campaigners helped drive enough complaints about the company’s own proposed amendments to trigger a user vote on the matter.

Under Facebook’s ‘Statement of Rights and Responsibilities‘ the company is obliged to allow its users to vote on alternatives the company draws up if “more than 7,000 users comment” on its own proposals seeking to change those terms.

Earlier this month the social networking business, headed by billionaire Mark Zuckerberg, announced that it wanted to update its data use policy because the Irish data protection watchdog had asked it to “enhance” it in order “to be even more detailed about how [Facebook] uses information”.

The Office of the Irish Data Protection Commissioner (ODPC) audited Facebook Ireland’s privacy policies and practices late last year after it received complaints about the company’s use of personal data from privacy group Europe-v-Facebook. Facebook Ireland has responsibility for all Facebook users outside of the USA and Canada.

The watchdog told Facebook to make a number of changes to the way it uses and stores its users’ personal data and the way it explains its data use policy. It is due to commence another audit of Facebook in July in order to assess the company’s efforts in meeting these recommendations.

Facebook’s proposed changes to its data use policy include new explanations of its data deletion practices as well as the controls that users have over the sharing of information with third-party applications. However, 47,824 users commented on the plans with many posting opposition to the planned new terms and instead calling for the chance to vote on the “demands” outlined by Europe-v-Facebook.

The campaigners have said the planned changes would not address the concerns they have with Facebook’s privacy practices and have instead outlined their own alternatives. These include requiring Facebook to “implement an ‘Opt-In’ instead of an ‘Opt-Out’ system for all data use and all features (eg, face recognition, applications or tags).”

“Right now, we are going through to see if there are things that make sense to change or that we want to respond to,” Barry Schnitt, director of corporate communications and public policy at Facebook, has said, according to a report by CNET.

More than 30 per cent of “all active registered users as of the date of the notice” would have to vote on the terms of that notice in order for the vote to be “binding” on Facebook, according to the company’s terms.

According to Facebook, the site – which floated on the stock market this month – had 901 million monthly active users at the end of March 2012.

Facebook Inc. (FB), the social network operator whose shares began trading today, was sued for $15 billion in an amended complaint by subscribers who claim the company invaded their privacy by tracking their Internet use.

In the complaint filed yesterday in federal court in San Jose, California, the plaintiffs sayFacebook improperly tracked users even after they logged out. Twenty-one cases making similar claims have been consolidated before the court. The latest filing seeks to proceed on behalf of U.S. residents who subscribed to Facebook from May 2010 to September 2011.

The ‘Facebook’ logo on sunglasses as she browses on a tablet. Photographer: Manjunath Kiran/AFP/Getty Images

Facebook, which sold stock in an initial public offering valuing the company at about $104 billion, has been scrutinized by regulators in the U.S. and Europe over how it protects users’ private information. Last year, a German data-protection agency said it may fine the Menlo Park, California-based company over facial-recognition software used for tagging photos.

“This is not just a damages action, but a groundbreaking digital-privacy rights case that could have wide and significant legal and business implications,” David Straite, a partner at Stewarts Law, which represents some of the users, said in an e- mailed statement.

Andrew Noyes, a Facebook spokesman, said in an e-mailed statement that the claims are without merit and the company will contest them.

Non-U.S. Residents

Straite said his firm is evaluating ways to add non-U.S. residents to the group of plaintiffs.

The U.S. Wiretap Act “provides statutory damages of the greater of $100 per violation per day, up to $10,000, per Facebook user,” according to the complaint. Facebook’s more than 800 million members are entitled to about $15 billion in total, according to the plaintiffs.

Facebook sold 421.2 million shares at $38 each to raise $16 billion, it said in a statement yesterday. That values the company at $104.2 billion, or 107 times trailing 12-month earnings, more than every S&P 500 member except Amazon.com Inc. and Equity Residential. (EQR)

CIA Set to Buy Facebook, Poking Around the Idea of a “Safer America”

The Central Intelligence Agency will be getting more social in the next few months, when they are expected to buy out Facebook. In an unprecedented move by a government agency, the CIA has set up a contract agreement with Facebook founder Mark Zuckerberg to purchase all servers and privacy rights. Early price information of the purchase is in the ballpark of $30 Billion. This means that all user profiles from the social media platform will belong to the CIA and their Security Information Protection team.

The CIA released a statement to all media outlets who requested information.

We here at the Central Intelligence Agency would like to officially welcome all users of the social media platform, Facebook, to a new beginning of secure browsing and safe online interaction. Our purchase of Facebook will not change the way its users conduct themselves in the community. It will only guarantee that everyone is safe from the web predators that are lurking on the internet. The security team that will take over all moderation of the platform will search and scan the website daily to obtain sensitive information regarding security concerns and terrorist threats. As it is known, a number of terror organizations use Facebook to spread their message of hate. Some are even known to poke one another to signal an attack. We would just like to reiterate that your information will be stored in our database forever, but it will not be a threat to you if you’re not a threat to us. Information kept in our database will range from IP addresses ,web history, interactions between users within the last 10 years, and group affiliations.

A new website that will soon be released will provide information and answers to people wondering how this will affect them. The header of that website states “A Safer America, One Poke at a Time.”

Mark Zuckerberg and his Facebook team are expected to announce this news in the next few weeks.

Facebook, seeking to address concerns about the personal information it collects on its users, said Thursday that it would provide any user with more about the data it tracks and stores.

Ronald Zak/Associated Press

Max Schrems, the German law student whose complaints last year about how Facebook tracked and stored his data focused attention on privacy concerns.

In a posting on its privacy blog, Facebook said the expanded archive feature would be introduced gradually to its 845 million monthly active users. It goes beyond the first archive made available in 2010, which has been criticized as incomplete by privacy advocates and regulators in Europe.

The archive Facebook published two years ago gave users a copy of their photos, posts, messages, list of friends and chat conversations. The new version, Facebook said, includes previous user names, friend requests and the Internet protocol addresses of the computers that users have logged in from. More categories of information will be made available in the future, Facebook said.

Online social networks offer free services to users and make money primarily through advertising, which can often be directed more effectively using the information the network has collected on them.

Facebook, which is preparing for an initial public stock offering, most likely in May, has been trying to accommodate government officials in Europe, where privacy laws are more stringent than in the United States.

Facebook’s data collection practices have tested the boundaries of Europe’s privacy laws. The social networking site, based in Menlo Park, Calif., is Europe’s leading online network, according to comScore, a research firm in Reston, Va.

In December, the Irish Data Protection Commission reached an agreement with Facebook, which runs its international businesses from offices in Dublin, to provide more information to its users and amend its data protection practices. “We took up their recommendation to make more data available to Facebook users through this expanded functionality,” the company said in a statement.

Facebook agreed to make those changes by July. In Europe, 40,000 Facebook users have already requested a full copy of the data that the site has compiled on each of them, straining the company’s ability to respond. Under European privacy law, the company must comply with the requests within 40 days.

Max Schrems, the German law student who filed the complaint leading to the agreement with the Irish authorities, criticized Facebook’s latest offer as insufficient.

“We welcome that Facebook users are now getting more access to their data, but Facebook is still not in line with the European Data Protection Law,” said Mr. Schrems, a student at the University of Vienna. “With the changes, Facebook will only offer access to 39 data categories, while it is holding at least 84 such data categories about every user.”

In 2011, Mr. Schrems requested his own data from Facebook and received files with information in 57 categories. The disclosure, Mr. Schrems said, showed that Facebook was keeping information he had previously deleted from the Web site, and was also storing information on his whereabouts, gleaned from his computer’s I.P. address.

Facebook’s data collection practices are being scrutinized in Brussels as European Unionpolicy makers deliberate on changes to the European Data Protection Directive, which was last revised in 1995. The commissioner responsible for the update, Viviane Reding, has cited Facebook’s data collection practices in pushing for a requirement that online businesses delete all information held on individuals at the user’s request.

Ulrich Börger, a privacy lawyer with Latham & Watkins in Hamburg, said he thought it was unlikely that the European Union would enact laws that would significantly restrict the use of customized advertising, which is at the core of the business model for Web sites like Facebook. It is more likely, Mr. Börger said, that lawmakers would require Facebook and other networking sites to revise their consent policies to make them more easy to understand. But it was unlikely that Facebook would be legally prevented from using information from individuals who sign up for the service.

“I don’t see any fundamental change,” Mr. Börger said. “It comes back to the question of consent. They cannot go so far as to prohibit things that people are willing to consent to. That would violate an individual’s freedom to receive services they want to receive.”

Rep. Patrick McHenry (R-N.C.) is drafting legislation that would ban employers from asking for their workers’ Facebook passwords, his office confirmed Wednesday.

Sen. Richard Blumenthal (D-Conn.) is planning to introduce a similar measure in the Senate.

According to recent media reports, there is a growing trend of employers demanding that job applicants provide passwords to their private Facebook accounts to check for embarrassing or damaging information.

The passwords give employers access to the users’ private messages, photos and the profiles of their friends.

Job applicants told the Associated Press earlier this month they felt they had to hand over their password or they would lose their chance at getting the job.

In a statement on Sunday, Sens. Blumenthal and Charles Schumer (D-N.Y.) called the practice “disturbing” and said it “represents a grave intrusion into personal privacy.”

“A ban on these practices is necessary to stop unreasonable and unacceptable invasions of privacy,” Blumenthal said.

The senators asked the Justice Department and the Equal Employment Opportunity Commission to investigate whether the practice violates the law.

Ryan Minto, a spokesman for Rep. McHenry, said the congressman’s aides have been working with Blumenthal’s office to draft the legislation. Minto said Rep. Ed Perlmutter (D-Colo.) is also involved in writing the bill.

“Requiring an individual to provide access to their personal social media account is an invasion of privacy, plain and simple,” Minto said. “Congressman McHenry is considering legislation to prevent this encroachment into Americans’ private lives.”

Perlmutter on Tuesday offered an amendment to a bill that would slow the ability of the Federal Communications Commission to adopt new regulations. Perlmutter’s amendment would have clarified that nothing in the bill would limit the FCC’s power to adopt rules banning employers from asking for passwords to Facebook or other social media sites.

“No American should have to provide their confidential personal passwords as a condition of employment,” Perlmutter said in a statement.

The House voted down Perlmutter’s amendment at the urging of Rep. Greg Walden (R-Ore.), the author of the underlying FCC reform bill.

Walden worried that the last-minute amendment would give the FCC too much power to regulate online privacy and said he wished that Perlmutter had brought up the issue earlier.

In a blog post last week, Facebook condemned employers who pressure people to hand over their passwords.

“If you are a Facebook user, you should never have to share your password, let anyone access your account, or do anything that might jeopardize the security of your account or violate the privacy of your friends,” said Erin Egan, Facebook’s chief privacy officer for policy.

What happened? Did the rules change? What is it about digital information that’s convinced some people this is OK? Maybe the right to privacy we were told so much about has simply become old-fashioned, a barrier to progress. In search of an answer, I tried a little thought experiment. Follow me, if you will, on a journey to a place in the space-time continuum I call the Land Before the Internet…

Through the looking glass
One bright sunny morning in the Land Before the Internet, you go on a job interview. You’re smart, skilled, motivated, and clearly destined to be an asset to any company that hires you. During the interview process, however, just as the HR manager begins to discuss the benefits package and salary, basically communicating that you have the job, he pauses.

“Oh, and we have a few procedural things to take care of,” he says. “We’ll need to assign a goon to follow you around with a parabolic microphone to listen to all of your conversations with friends, and we’ll have a few more follow your friends and family around to see what they’re saying.”

He continues: “Also, we’ll need full access to your diary, your personal records, and your photo albums. In fact, we’ll need the keys to your house, so we can rifle through your stuff to see what you have tucked away in the attic and whatnot. We will also need to do the same to all your friends. I assume that won’t be a problem?”

Just across town in the Land Before the Internet, a few officers in the local police station are bored, so they assign a few cruisers to shadow people at random, for an indefinite period of time. They pick names out of the phone book — selecting citizens who’ve otherwise raised no cause for suspicion — and follow them, simply because they can.

The cops meticulously document the citizens’ comings and goings, creating a very detailed report on their daily lives, complete with where they go, how long they stay, and when they return to their homes. They note when they go to the doctor, where they pick up their kids, everything. They maintain the tail for months or longer, then keep these reports forever.

It turns out that the police in the Land Before the Internet aren’t half as busy as the employees at the post office, who’ve been opening and reading every single letter you’ve sent and received — or the people at the phone company, who are assigned to listen to every phone call you make and transcribe the contents for easy search and recall at a later date. You could avoid their prying ears by speaking in code, but this would be documented as an attempt to evade eavesdropping, which is clearly an indicator that you’re engaging in some sort of nefarious activity. For instance, you might infringe on a copyright down the line, perhaps by singing a few bars of “In the Year 2525″ to a friend over the phone.

Welcome to the twilight zone
Of course, these upside-down horrors are unimaginable in real life. The idea that the post office or phone company would snoop is just crazy — except it’s pretty much what the major ISPs are now volunteering to do. Police stalking innocent citizens could never happen in the United States, at least not without a judge’s approval — unless it means sticking GPS devices on their cars. And under no circumstances would we allow the prospect of gainful employment to be contingent on the abrogation of someone’s personal privacy — but we might need to examine your Facebook page.

These invasions of personal privacy are occurring now because they’re suddenly very easy to accomplish. The rapid advancements in processing power and storage have opened the door to the wholesale collection and storage of vast amounts of data that can be indexed and tied (however loosely) to individuals. There’s no way that any of these entities would have the means or personnel to do this Big Brother nonsense physically, but once those communications occur over the network, they think they’re fair game.

There are many instances where digital surveillance is a good idea and essentially required because of the medium: people working on highly secure defense projects, those working with sensitive information for corporations that could be a target of corporate espionage, and obviously those in positions that require interaction with information on private individuals that should not be disseminated. The use of digital monitoring and data collection is very important in these places.

Further, if you’re employed by a company, using corporate resources, you relinquish some right to privacy in order to protect the company from internal sabotage or damages that might ensue from vital internal planning, innovations, or intellectual property falling into the hands of the competition. In short, if you’re at the office running your mouth on Facebook and IM about sensitive internal information and get fired for it, it’s your fault. You’re unlikely to get fired for bitching about your ex-husband to a friend in an IM from your work PC, but don’t be surprised to know that your conversations are being monitored and recorded in an effort to crack down on the former.

However, that should not extend beyond the office or into your personal time and space. Invasive digital eavesdropping and coerced access to private social networking applications is an absurd example of throwing the baby out with the bathwater. In an effort to find the needle, we’re burning down the haystack.

Smile :) You’re at the best wine blog ever! Scroll down to read our fun stories, and join our journey as we fight through the wine jargon in search of a good glass of wine. Wine blogs; the best place to read about wine online! We're rated as one of the most influential wine people on the net by Klout and Kred. Contact: winewankers@hotmail.com